For a better understanding of the situation in the network of the company I decided to start the analysis by the vulnerabilities that this one presents. Many of these vulnerabilities are the cause for different types of network attacks. It should be noted that while many of these vulnerabilities may be mitigated or eliminated the possibility of an attack always exists.
The first vulnerability is the email server. Although very well controlled for been within the Demilitarized Zone (DMZ), this is always a vulnerability with which most companies have to deal with. This vulnerability opens the way for phishing attack. One way to mitigate this vulnerability is configuring the email server so that only authorized email may enter. This is
…show more content…
Let's analyze the various attacks and threats to which our network can be a victim. For a better understanding I'll start from the most external layer of the network.
Phishing or Spear Phishing is an attack that may be carried through the email server. In this attack the hacker creates a fake web site that looks exactly like a popular site or any of ours providers / clients. The purpose of this attack is to collect sensitive information about users or the company. An attack of this type may be little detrimental or devastating, depending on how much and how important is the information collected. If this information provides access to the network to an unauthorized person we could be facing the three types of threats: Denial or Destruction, Alteration and Disclosure. It all depends of the intentions of the attacker.
The WAP can be a victim of multiple attacks. Eavesdropping is one of the most common attacks made against this type of device. Such attack can read and capture all types of packets transmitted through a network. Due to the location of the WAP our main threat would be disclosing of classified information to other sources.
The second most common attack facing us in this segment of the network is Brutal-Force. This attack is based on trying all possible
We have been engaged in business for some time, and have been very successful, however we need to re-examine our network configuration and infrastructure and identify that our network defenses are still reliable, before we make any changes. We need to take a hard look at our current configuration of host, services and our protocols within our organization. Data from a large number of penetration tests in recent years show most corporate networks share common vulnerabilities. Many of these
Another threat is Phishing, it is the fraudulent practice of sending emails pretending to be from reputable companies in order to lure individuals to reveal personal information, such as passwords and credit card numbers.
In this report I will be describing the ways in which networks can be attacked, also be giving real life example of each of the below.
WEP is an older security protocol for wireless networks that encrypts transmitted data. WEP uses a security code chosen during configuration called a WEP key, which uses a sequence of hexadecimal digits. WEP keys can be formed in different lengths depending on the type of WEP encryption being utilized. However it is generally not recommended to use WEP especially when we’re talking about networks that need more advanced security. The biggest disadvantage found with WEP is really it’s main weakness, a skilled hacker could actually crack the security key within a matter of minutes using special software.
I previously identified several types of attacks, threats and vulnerabilities that exist with your multilayered network. I have now been charged with the responsibility of developing a strategy to deal with these risks as well as a plan to mitigate each risk to reduce the impact that each will have on your organization.
They exploit network design weaknesses such as sending ping requests to death, or establishing computationally heavy tasks such encryption and decryption of the victim. The attacks have become rampant because hackers have availed the attack tools to help adversaries bypass the weak security measures in place. The attacks can be direct or reflector (Kinicki, 2012).
Risk management is a key part of information security. Specific to the phishing attack protection, there are two major effects: fixing the missing controls of the system to reduce the vulnerabilities which may be used by phishing; Implement incident response policy to prevent and reduce further damage in case phishing attack successes.
Attackers attack the network by identifying a weak point in the network and create a network threat. There are four primary classes of threat: Unstructured Threats, Structured Threats, External threats and internal
There are twelve major ways technology threatens your online policy today. The first of these threats is phishing. According to Riva Richmond, phishing is a ploy to gain personal information that will help people to steal your identity. Hackers will send you fake e-mails that
Spam and Phishing are the two major types of email attacks. Organizations need to clearly understand what these terms mean in order to assess their impact and minimize their spread. Spam is unsolicited commercial e-mail. Phishing, on the other hand, uses legitimately looking emails that trick the receiver into giving out sensitive information (Boyle & Panko, 2015). Spam is the annoying email promising the reader to get rich, skinny, prettier etc. Most people are familiar with the Nigerian scam where a prince or oil tycoon wants to give up his fortune to the lucky
Technology vulnerabilities: according to Rufi (2006) TCP/IP protocols are naturally insecure, including HTTP, FTP and SMTP. The company run different versions of operating system on their servers and computers and all versions of Windows operating system have security problems that must be addressed. All equipment in the
Attack on a systems or network is defined on your network infrastructure. Attacker will first analyse network environment and collect information in order to take advantage of the existing open ports or vulnerabilities. It may include unauthorized access to company’s resources.
Governments, businesses and individuals are using the internet for day-to-day activities and any disruption can have devastating effects. This dependence on electronic information exchange, whilst having its positive side, also has a big negative with security issues. The ease at which a website or news portal can be attacked and taken down by almost any person with an internet connection is of huge concern. The various methods of electronic attacks which can take shape bring forward the subject of electronic warfare and how it impacts society. Various attacks can take place, although the distributed denial-of-service attack is the one of focus due to its eafse and its common appearance on the internet.
A threat is generally defined as an object, person, or other entity that represents a constant danger to an asset. Sans described threat as “anything that would contribute to the tampering, destruction or interruption of any service or item of value”. Threats possessed to an organization or business generally aim at identity theft, financial fraud, data breach causing loss to company’s asset. Fraud tricks can be applied on online user to gain knowledge about password username mother’s maiden name birthdate etc. These information are enough to fraud into ones bank account or create a new identity. In an open WiFi zone several computers can be hacked using hacking tools. The system can even be hacked using Bluetooth technology.
However, some employees may suffer advanced phishing attacks too. Since we were using a complete official domain